Virtual Vertex Muster Web Interface Directory Traversal Vulnerability Network Vulnerability

Summary

The host is running Virtual Vertex Muster and is prone to directory traversal vulnerability.

Impact

Successful exploitation will allow attacker to obtain sensitive information that could aid in further attacks. Impact Level: Application

Solution

Upgrade to Virtual Vertex Muster version 6.2.0 or later. For updates refer to http://www.vvertex.com/index.php

Insight

The flaw is due to improper validation of URI containing ../(dot dot) sequences, which allows attackers to read arbitrary files via directory traversal attacks.

Affected

Virtual Vertex Muster version 6.1.6

References

http://secunia.com/advisories/46991
http://www.securelist.com/en/advisories/46991
http://www.security-assessment.com/files/documents/advisory/Muster-Arbitrary_File_Download.pdf

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-4714

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Web Server ETag Header Information Disclosure Weakness
Apache Rave User Information Disclosure Vulnerability
Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
Apache Struts2/XWork Remote Command Execution Vulnerability
Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities

Take action and discover your vulnerabilities